You can see who upvoted and downvoted a post by viewing it in friendica.
-
Especially in federated networks where the data isn't under access control, doubly so if the privacy extension is optional
-
Hashing alone if it's just usernames isn't enough. Need something like keyed hashes, but then malicious servers can lie about numbers of votes.
Otherwise you need something ridiculously overengineered like public but encrypted logs of user actions and Zero-knowledge proofs of correctness mapping everything to a distinct existing user without revealing who it is.
As I mentioned in another post: for consistency is better to have each server count total votes from their own users, send a signed & timestamped message with the count to the host of the post being voted on. Then the host can display a consistent vote count to everybody that shows where votes are coming from without manipulation of external votes.
Each individual server can lie about its count, but not by too much or else it will be detected and the server can get defederated (or have its votes ignored).
-
Some people only browse global feeds and downvote stuff as if they're trying to train the Netflix recommendation algorithm, completely ignoring the rules of the community it originates from
-
I remember that being a problem back on Reddit (though I always found people upvoting low-effort stuff that wasn't community/sub-appropriate to be more of a problem). It's kind of a site-wide UX issue though really, if a new casual user is just presented with a list of posts then they might genuinely be unaware of (or perhaps just uninterested in) where they came from and what their votes mean.
-
I mean, seems pretty pseudoanonymous to me, unless Musk had another kid he named apj2k36 or something.
-
but then malicious servers can lie about numbers of votes.
They already can do that by pretending to have users they don't have. It's definitely a quick way to get defederated.
-
Petty mods or users would abuse this
-
Hash them with the post ID appended, so a user can't be identified across posts
-
i think we should be accounting for it if we don't wanna get swallowed by shitty interests tbh
-
It's already possible to see if you really want to look. Friendica is just another way.
-
Like, of course; tho any sort of "accounting" should IMO start from the base that the intent of this entire thing is to publicly share public information.
-
This is one of the reasons why I'd love to see a more expanded method of reacting to content rather than simply upvoting or dowvoting; something like, say, user-side thread or post tagging, with things like "verified", "clickbait", and mood reacts like "happy" vs "sad", and usefulness reacts like "solved, thanks" vs "closed as duplicate", etc. We need more and better axes.
(Axises? Axeses?
Asses?) -
Interesting idea, but how do you decide on what the universally-agreed on reactions are? Have too many and they may as well just be comments!
-
That's almost as bad as using robots.txt to claim sites are private and secure and just whining that people/bots should respect it.
You should assume voter data is fully public and fully open. It otherwise is in the federated ecosystem.
-
It's not good practice. Really one shouldn't be assuming anything is private or some entitlement to privacy on a service where all content you post is made publicly available to any and all linked instances. They miss the point of a federated public forum. If one wants privacy, data must be kept locally only. That's why Lemmy has local-only communities, the "private" community aspect that many people want just won't be federated, because you can't make something like this private otherwise.
-
The comparison doesn't work because both Lemmy and Mbin are implementing the same standard, while robots.txt is mostly an honour system.
-
I know, but most people don't.
-
Except ActivityPub data is by in large already not private, it is handed out to any tom dick and harry who run a server and have subscribed to actors on this one, and most of the time, it doesn't even really require extra authorization. That is fundamentally how ActivityPub and federation work, but you can't have any expectation of privacy in this system when it comes to the content shared. Expecting it to be private because it's labeled is as dumb as expecting your website not to get scraped because you said so in robots.txt.
-
I know, it's a really big problem here and on the Fediverse in general because people get so outraged and entitled over something that just is the way things are, this wouldn't work any other way.
-
Mods can already see voting data, at least through the API on the latest version of Lemmy.
